ASA Grok Failure ASA-4-113019

pankaj · May 11, 2020, 10:05am

I am trying to parse and index the cisco asa logs for particular syslog messages . The grok debuger showing the code okay but I dont see the logs indexed in elasticsearch

Regards
Pankaj

pankaj · May 11, 2020, 10:12am

Here is my code .

=================code============================================================
#If CiscoTag is ASA-4-113019 -
if [type] == "cisco-fw" and [ciscotag] == "ASA-4-113019" {
grok {
match => ["cisco_message", "Group = %{GREEDYDATA:group}, Username =%{GREEDYDATA:user}, IP = %{IP:src_ip}, (?%{WORD} %{WORD}). Session Type: %{GREEDYDATA:type}, Duration: %{GREEDYDAT
A:duration}, Bytes xmt: %{GREEDYDATA:xmtbytes}, Bytes rcv: %{GREEDYDATA:rcvbytes}, Reason: %{GREEDYDATA:reason}"]
}
}

system · June 8, 2020, 10:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing Cisco ASA Log Logstash	1	825	June 3, 2019
Syslog Cisco ASA Elasticsearch	3	3019	March 18, 2017
Logstash 2.0 Cisco Asa - data does not appear in kibana Logstash	7	2096	July 6, 2017
_grokparsingfailure with Cisco Catalyst switch syslogs Logstash	1	459	December 8, 2020
Logstash Filter for Cisco ASA Source Destination and Communication Logstash	6	986	January 25, 2023

ASA Grok Failure ASA-4-113019

Related Topics